Extreme RADIUS Proxy Servers

Navigation

Navigate using the tab icons. Hover over an icon to see the name of the tab.

Configure   > Network Policies > policy_name > Wireless Networks > Add > All other Networks (standard) > Enterprise_WPA_WPA2_802.1X > Add_default_RADIUS_server_group > RADIUS_server_group_name > Add_Extreme_RADIUS_proxy

or

Configure > Network Policies > policy_name  > Wireless Networks > RADIUS_proxy_SSID_name  > default_RADIUS_server_group_name  > Extreme Networks_RADIUS_proxy_device_name

About Extreme RADIUS Proxy Servers

After you add or select an AP as a RADIUS proxy server as described in Standard Wireless Network Settings, you can configure RADIUS proxy server parameters, including the parameters for realms, a RADIUS server group, approved RADIUS clients, and other realm settings.

Realms

You can add a postfix notation realm after a user name, separated by an “@” symbol, and the result resembles an email address domain name. or you can add a prefix notation realm before a user name, with a backslash “\” separator. Modern RADIUS servers allow any character to be used as a realm separator, although “@” and “\” are the most common.

User names can also include multiple realms, for example domain1.com\username@domain2.com is a valid user name with two realms. This usage can be used to support multiple roaming scenarios.

Realms can be arbitrary text and do not need to contain real domain names, even though they can look like domains.

Proxy Operations

When a RADIUS server receives an AAA request for a user name containing a realm, the server looks up a table of configured realms. When the realm is known, the RADIUS server proxies the request to the home server for that domain. You can configure Extreme Networks proxy servers to strip the realm from the AAA request, or to add, remove, or change AAA requests when they are proxied.

View the Extreme Device RADIUS Proxy List

In the Device as a RADIUS Proxy panel, you can see devices that have been configured as RADIUS proxy servers. The list includes host name, device types, IP addresses, location (if assigned), and the assigned RADIUS server group name.

• Select the target host name and select RADIUS Proxy Settings. Configure new realm information as described in "Configure Realm Information".
• Select an assigned RADIUS server group name. Edit existing realm information as described in "Configure Realm Information".

Configure Realm Information

After you add a default RADIUS server group as described in Standard Wireless Network Settings, configure a new RADIUS server group, required realm names, and a new realm using the following procedures.

Add a RADIUS Server Group

If you have not already done so, in the Device as a RADIUS Proxy panel, select RADIUS Proxy Settings or an assigned RADIUS server group name to display the RADIUS Proxy Settings panel.On the Realms subtab, select Add a RADIUS Server Group. In the dialog box, enter or select the following for the RADIUS server group: name; optional description; IP address, host name, or network name; whether the RADIUS server group is used for authentication and accounting; the ports to use for authentication and for accounting; and the shared secret. Select Add to save your RADIUS server group settings.

Select Required Realms

In the RADIUS Proxy Settings window, in the Realms subtab, select the Required Default and Null Realms, and select whether or not the Default Realm strips the realm name from proxied access requests.

Create a Realm

In the RADIUS Proxy Settings window, in the Realms subtab, select in the Create Realm section.

In the dialog box, enter or select the new realm name, RADIUS server group, and whether or not the new realm strips the realm name from proxied access requests.Select Add to save your realm settings.

Save Realm Information

In the RADIUS Proxy Settings window, select Save. In the Device as a RADIUS Proxy window. Select Save again.

Note

If there are two or more RADIUS server definitions, make sure that they are applied in the correct sequence using the up and down arrow keys in the Order column.

In the Configure RADIUS Server Group window, select Save.

Configure Approved RADIUS Clients

You can assign one or more approved RADIUS clients to each configured realm in the RADIUS Proxy Settings panel under the Approved RADIUS Clients subtab.

When you are finished configuring realm information, you can view, delete, and configure approved RADIUS clients.

View Approved RADIUS Clients

If you have not already done so, in the Device as a RADIUS Proxy panel, select the link in the RADIUS Proxy Settings column to see the RADIUS Proxy Settings panel.

Select the Approved RADIUS Clients subtab.

The list of approved RADIUS clients includes IP address or host name; shared secret; and the optional description for each set of approved RADIUS clients.

Delete Approved RADIUS Clients

Note

Approved RADIUS clients cannot be modified. To change an approved RADIUS client, you must delete the old approved client and add a new approved client.

If you have not already done so, in the Device as a RADIUS Proxy window, select RADIUS Proxy Settings or an assigned RADIUS server group name.

In the RADIUS Proxy Settings window, select the Approved RADIUS Clients subtab.

Select a target-approved RADIUS client and then select .

Add Approved RADIUS Clients

If you have not already done so, in the Device as a RADIUS Proxy panel, select RADIUS Proxy Settings or an assigned RADIUS server group name.

In the RADIUS Proxy Settings panel, select the Approved RADIUS Clients subtab.

Select . In the dialog box, enter or select the IP address, host name or network name, shared secret, and optional description for approved RADIUS clients.

Select Add.

Save Approved RADIUS Client Information

On the RADIUS Proxy Settings panel, select Save. In the Device as a RADIUS Proxy window, select Save again.

Note

If there are two or more RADIUS server definitions, make sure that they are applied in the correct sequence using the up and down arrow keys in the Order column.

In the Configure RADIUS Server Group window, select Save.

Configure Realm Extended Settings

You can optimize realm configurations in the RADIUS Proxy Settings window under the Realm Settings subtab.

After you create a realm, use the following procedures and configure the extended settings for a realm.

View Realm Extended Settings

In the RADIUS Proxy Settings window, select the Realm Settings subtab to see the current extended settings.

Configure Realm Extended Settings

To configure the extended settings for a realm, select and add the following parameters: user and realm name format (NAI or Windows NT domain), delay between retries, count for number of retries before declaring failure, dead time before declaring failure, and whether or not to inject an operator-named attribute.

When you are finished, select Save.

In the Device as a RADIUS Proxy window, select Save again.

Note

If there are two or more RADIUS server definitions, make sure that they are applied in the correct sequence using the up and down arrow keys in the Order column.

In the Configure RADIUS Server Group window, select Save again.